Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: b4912afa5f9fc87afd82950965941e31f3b2b06c
https://github.com/qemu/qemu/commit/b4912afa5f9fc87afd82950965941e31f3b2b06c
Author: Hyman Huang <[email protected]>
Date: 2024-06-10 (Mon, 10 Jun 2024)
Changed paths:
M hw/core/machine.c
M hw/scsi/scsi-disk.c
Log Message:
-----------
scsi-disk: Fix crash for VM configured with USB CDROM after live migration
For VMs configured with the USB CDROM device:
-drive file=/path/to/local/file,id=drive-usb-disk0,media=cdrom,readonly=on...
-device usb-storage,drive=drive-usb-disk0,id=usb-disk0...
The QEMU process may crash after live migration. To reproduce the issue,
configure the VM (guest OS Ubuntu 20.04 or 21.10) with the following XML:
<disk type='file' device='cdrom'>
<driver name='qemu' type='raw'/>
<source file='/path/to/share_fs/cdrom.iso'/>
<target dev='sda' bus='usb'/>
<readonly/>
<address type='usb' bus='0' port='2'/>
</disk>
<controller type='usb' index='0' model='piix3-uhci'/>
Do the live migration repeatedly; a crash may happen after live migration.
The trace log at the source before live migration is as follows:
usb_uhci_frame_start nr 319
usb_uhci_qh_load qh 0x35cb5400
usb_uhci_qh_load qh 0x35cb5480
usb_uhci_td_load qh 0x35cb5480, td 0x35cbe000, ctrl 0x0, token 0xffe07f69
usb_uhci_td_nextqh qh 0x35cb5480, td 0x35cbe000
usb_uhci_qh_load qh 0x35cb5680
usb_uhci_td_load qh 0x35cb5680, td 0x75ac5180, ctrl 0x19800000, token 0x3c903e1
usb_uhci_packet_add token 0x103e1, td 0x75ac5180
usb_packet_state_change bus 0, port 2, ep 2, packet 0x559f9ba14b00, state undef -> setup
usb_msd_cmd_submit lun 0, tag 0x472, flags 0x00000080, len 10, data-len 8
scsi_req_parsed target 0 lun 0 tag 1138 command 74 dir 1 length 8
scsi_req_parsed_lba target 0 lun 0 tag 1138 command 74 lba 4096
scsi_req_alloc target 0 lun 0 tag 1138
scsi_req_continue target 0 lun 0 tag 1138
scsi_req_data target 0 lun 0 tag 1138 len 8
usb_packet_state_change bus 0, port 2, ep 2, packet 0x559f9ba14b00, state setup -> complete
usb_uhci_packet_complete_success token 0x103e1, td 0x75ac5180
usb_uhci_packet_del token 0x103e1, td 0x75ac5180
usb_uhci_td_complete qh 0x35cb5680, td 0x75ac5180
The trace log at the destination after live migration is as follows:
usb_uhci_frame_start nr 320
usb_uhci_qh_load qh 0x35cb5100
usb_uhci_qh_load qh 0x35cb5480
usb_uhci_td_load qh 0x35cb5480, td 0x35cbe000, ctrl 0x1000000, token 0xffe07f69
usb_uhci_td_nextqh qh 0x35cb5480, td 0x35cbe000
usb_uhci_qh_load qh 0x35cb5700
usb_uhci_td_load qh 0x35cb5700, td 0x75ac5240, ctrl 0x39800000, token 0xe08369
usb_uhci_queue_add token 0x8369
usb_uhci_packet_add token 0x8369, td 0x75ac5240
usb_packet_state_change bus 0, port 2, ep 1, packet 0x56066b2fb5a0, state undef -> setup
usb_msd_data_in 8/8 (scsi 8)
2024-04-01 12:00:24.665+0000: shutting down, reason=crashed
The backtrace reveals the following:
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __memmove_sse2_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:312
312     movq -8(%rsi,%rdx), %rcx
[Current thread is 1 (Thread 0x7f0a9025fc00 (LWP 3286206))]
(gdb) bt
#0  __memmove_sse2_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:312
#1  memcpy (__len=8, __src=<optimized out>, __dest=<optimized out>) at /usr/include/bits/string_fortified.h:34
#2  iov_from_buf_full (iov=<optimized out>, iov_cnt=<optimized out>, offset=<optimized out>, buf=0x0, bytes=bytes@entry=8) at ../util/iov.c:33
#3  iov_from_buf (bytes=8, buf=<optimized out>, offset=<optimized out>, iov_cnt=<optimized out>, iov=<optimized out>) at /usr/src/debug/qemu-6-6.2.0-75.7.oe1.smartx.git.40.x86_64/include/qemu/iov.h:49
#4  usb_packet_copy (p=p@entry=0x56066b2fb5a0, ptr=<optimized out>, bytes=bytes@entry=8) at ../hw/usb/core.c:636
#5  usb_msd_copy_data (s=s@entry=0x56066c62c770, p=p@entry=0x56066b2fb5a0) at ../hw/usb/dev-storage.c:186
#6  usb_msd_handle_data (dev=0x56066c62c770, p=0x56066b2fb5a0) at ../hw/usb/dev-storage.c:496
#7  usb_handle_packet (dev=0x56066c62c770, p=p@entry=0x56066b2fb5a0) at ../hw/usb/core.c:455
#8  uhci_handle_td (s=s@entry=0x56066bd5f210, q=0x56066bb7fbd0, q@entry=0x0, qh_addr=qh_addr@entry=902518530, td=td@entry=0x7fffe6e788f0, td_addr=<optimized out>, int_mask=int_mask@entry=0x7fffe6e788e4) at ../hw/usb/hcd-uhci.c:885
#9  uhci_process_frame (s=s@entry=0x56066bd5f210) at ../hw/usb/hcd-uhci.c:1061
#10 uhci_frame_timer (opaque=opaque@entry=0x56066bd5f210) at ../hw/usb/hcd-uhci.c:1159
#11 timerlist_run_timers (timer_list=0x56066af26bd0) at ../util/qemu-timer.c:642
#12 qemu_clock_run_timers (type=QEMU_CLOCK_VIRTUAL) at ../util/qemu-timer.c:656
#13 qemu_clock_run_all_timers () at ../util/qemu-timer.c:738
#14 main_loop_wait (nonblocking=nonblocking@entry=0) at ../util/main-loop.c:542
#15 qemu_main_loop () at ../softmmu/runstate.c:739
#16 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at ../softmmu/main.c:52
(gdb) frame 5
(gdb) p ((SCSIDiskReq *)s->req)->iov
$1 = {iov_base = 0x0, iov_len = 0}
(gdb) p/x s->req->tag
$2 = 0x472
When designing the USB mass storage device model, QEMU places the SCSI disk
device as the backend of the USB mass storage device. In addition, the USB
mass storage device driver in the guest OS conforms to the "Universal Serial
Bus Mass Storage Class Bulk-Only Transport" specification in order to
simulate the transform behavior between a USB controller and a USB mass
storage device. The following shows the protocol hierarchy:
                 +-----------------------+
CDROM driver     | scsi command          |   CDROM
                 +-----------------------+
                 +-----------------------+
USB mass         | USB Mass Storage Class|   USB mass
storage driver   | Bulk-Only Transport   |   storage device
                 +-----------------------+
                 +-----------------------+
USB Controller   | USB Protocol          |   USB device
                 +-----------------------+
In the USB protocol layer, between the USB controller and the USB device, at
least two USB packets will be transformed when the guest OS sends a
read operation to the USB mass storage device:
1. The CBW packet, which will be delivered to the USB device's Bulk-Out
endpoint. In order to simulate a read operation, the USB mass storage
device parses the CBW and converts it to a SCSI command, which would be
executed by the CDROM (represented as a SCSI disk in QEMU internally), and
stores the result data of the SCSI command in a buffer.
2. The DATA-IN packet, which will be delivered from the USB device's
Bulk-In endpoint (fetched directly from the preceding buffer) to the USB
controller.
We consider UHCI to be the controller. The two packets mentioned above may
have been processed by UHCI in two separate frame entries of the Frame List,
and also described by two different TDs. Unlike the physical environment,
a virtualized environment requires QEMU to make sure that the result
data of the CBW is not lost and is delivered to the UHCI controller.
Currently, these types of SCSI requests are not migrated, so QEMU cannot
ensure the result data of the IO operation is not lost if there are
inflight emulated SCSI requests during the live migration.
Assume for the moment that the USB mass storage device is processing the
CBW and storing the result data of the read operation to a buffer; live
migration happens and moves the VM to the destination while not migrating
the result data of the read operation.
After migration, when UHCI at the destination issues a DATA-IN request to
the USB mass storage device, a crash happens because the USB mass storage
device fetches the result data and gets nothing.
The scenario this patch addresses is this one.
Theoretically, any device that uses the SCSI disk as a back-end would be
affected by this issue. In this case, it is the USB CDROM.
To fix it, inflight emulated SCSI requests are migrated during live
migration, similar to DMA SCSI requests.
Signed-off-by: Hyman Huang <[email protected]>
Message-ID: <878c8f093f3fc2f584b5c31cb2490d9f6a12131a.1716531409.git.yong.hu...@smartx.com>
[Do not bump migration version, introduce compat property instead. - Paolo]
Signed-off-by: Paolo Bonzini <[email protected]>
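The commit message above explains the failure mode in prose: the CBW is executed at the source and its result data sits in a buffer, the snapshot carries the request but not that buffer, and the DATA-IN at the destination copies from a NULL pointer (the `iov_base = 0x0` in the gdb session). The following C program is an added illustration of that sequence and of the fix (migrating the payload together with the request); it is not QEMU code. The `EmuScsiReq`/`MsdState` structs, the `msd_*` functions, the snapshot byte layout and the eight result bytes are all invented for the example; only the tag `0x472` is taken from the trace above.

```c
/*
 * Model of an in-flight emulated SCSI request across a migration snapshot.
 * Added illustration, not QEMU code: structs, snapshot layout and function
 * names are invented here. Only the tag 0x472 comes from the gdb session.
 */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define DATA_LEN 8

/* Emulated request: tag plus the result data produced when the CBW ran. */
typedef struct {
    uint32_t tag;
    uint8_t *buf;   /* NULL if the result data did not survive migration */
    size_t len;
} EmuScsiReq;

/* USB mass storage device state: at most one request in flight. */
typedef struct { EmuScsiReq *req; } MsdState;

/* Source side: CBW parsed and executed, result data stored in a buffer.
 * The eight result bytes are constructed sample data. */
static void msd_handle_cbw(MsdState *s, uint32_t tag)
{
    static const uint8_t sample_result[DATA_LEN] =
        { 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x08, 0x00 };
    s->req = calloc(1, sizeof(*s->req));
    s->req->tag = tag;
    s->req->len = DATA_LEN;
    s->req->buf = malloc(DATA_LEN);
    memcpy(s->req->buf, sample_result, DATA_LEN);
}

/* Snapshot layout (invented): [tag:4][len:4][data:len only if migrate_data].
 * migrate_data == 0 models the old behaviour: metadata but no payload. */
static size_t msd_save(const MsdState *s, uint8_t *out, int migrate_data)
{
    uint32_t len = (uint32_t)s->req->len;
    memcpy(out, &s->req->tag, 4);
    memcpy(out + 4, &len, 4);
    if (!migrate_data) return 8;
    memcpy(out + 8, s->req->buf, len);
    return 8 + len;
}

/* Destination side: rebuild the request. buf stays NULL when the snapshot
 * carried no payload, mirroring iov_base = 0x0 in the backtrace. */
static void msd_load(MsdState *s, const uint8_t *in, size_t n)
{
    uint32_t len;
    s->req = calloc(1, sizeof(*s->req));
    memcpy(&s->req->tag, in, 4);
    memcpy(&len, in + 4, 4);
    s->req->len = len;
    if (n >= 8 + (size_t)len) {
        s->req->buf = malloc(len);
        memcpy(s->req->buf, in + 8, len);
    }
}

/* DATA-IN at the destination. QEMU memcpy'd from the NULL buffer and
 * crashed; here the missing-data case is detected and reported instead. */
static int msd_handle_data_in(const MsdState *s, uint8_t *packet, size_t want)
{
    if (!s->req || !s->req->buf || s->req->len < want) return -1;
    memcpy(packet, s->req->buf, want);
    return 0;
}

static void msd_free(MsdState *s)
{
    if (s->req) { free(s->req->buf); free(s->req); s->req = NULL; }
}

/* Whole scenario: CBW at the source, snapshot, DATA-IN at the destination.
 * Returns 0 if the DATA-IN packet was filled, -1 if the data was lost. */
int migrate_then_data_in(int migrate_data, uint8_t out[DATA_LEN])
{
    MsdState src = { 0 }, dst = { 0 };
    uint8_t snapshot[8 + DATA_LEN];
    size_t n;
    int rc;

    msd_handle_cbw(&src, 0x472);            /* tag seen in the gdb session */
    n = msd_save(&src, snapshot, migrate_data);
    msd_load(&dst, snapshot, n);
    rc = msd_handle_data_in(&dst, out, DATA_LEN);
    msd_free(&src);
    msd_free(&dst);
    return rc;
}

/* One byte of the delivered payload, or -1 if the data was lost. */
int migrated_data_in_byte(int migrate_data, int idx)
{
    uint8_t out[DATA_LEN] = { 0 };
    if (migrate_then_data_in(migrate_data, out) != 0) return -1;
    return out[idx];
}

int main(void)
{
    printf("payload not migrated: %d\n", migrated_data_in_byte(0, 2));
    printf("payload migrated: byte[2]=0x%02x\n", migrated_data_in_byte(1, 2));
    return 0;
}
```

Run with `migrate_data` set to 0 and the destination sees a request with a tag and a length but no buffer, which is exactly the state the backtrace shows; set to 1 and the DATA-IN completes with the bytes the source produced. The check in `msd_handle_data_in` is what turns a NULL dereference into a reportable error, but the actual fix is on the save side: the snapshot has to carry the request's payload.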
Commit: 903916f0a017fe4b7789f1c6c6982333a5a71876
https://github.com/qemu/qemu/commit/903916f0a017fe4b7789f1c6c6982333a5a71876
Author: Chuang Xu <[email protected]>
Date: 2024-06-11 (Tue, 11 Jun 2024)
Changed paths:
M target/i386/cpu.c
Log Message:
-----------
i386/cpu: fixup number of addressable IDs for processor cores in the physical package
When QEMU is started with:
-cpu host,host-cache-info=on,l3-cache=off \
-smp 2,sockets=1,dies=1,cores=1,threads=2
Guest can't acquire maximum number of addressable IDs for processor cores in
the physical package from CPUID[04H].
When creating a CPU topology of 1 core per package, host-cache-info only
uses the Host's addressable core IDs field (CPUID.04H.EAX[bits 31-26]),
resulting in a conflict (on the multicore Host) between the Guest core
topology information in this field and the Guest's actual cores number.
Fix it by removing the unnecessary condition to cover 1 core per package
case. This is safe because cores_per_pkg will not be 0 and will be at
least 1.
Fixes: d7caf13b5fcf ("x86: cpu: fixup number of addressable IDs for logical processors sharing cache")
Signed-off-by: Guixiong Wei <[email protected]>
Signed-off-by: Yipeng Yin <[email protected]>
Signed-off-by: Chuang Xu <[email protected]>
Reviewed-by: Zhao Liu <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: c94eb5db8e409c932da9eb187e68d4cdc14acc5b
https://github.com/qemu/qemu/commit/c94eb5db8e409c932da9eb187e68d4cdc14acc5b
Author: Pankaj Gupta <[email protected]>
Date: 2024-06-11 (Tue, 11 Jun 2024)
Changed paths:
M target/i386/sev.c
Log Message:
-----------
i386/sev: fix unreachable code coverity issue
Set 'finish->id_block_en' early, so that it is properly reset.
Fixes coverity CID 1546887.
Fixes: 7b34df4426 ("i386/sev: Introduce 'sev-snp-guest' object")
Signed-off-by: Pankaj Gupta <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 48779faef3c8e2fe70bd8285bffa731bd76dc844
https://github.com/qemu/qemu/commit/48779faef3c8e2fe70bd8285bffa731bd76dc844
Author: Pankaj Gupta <[email protected]>
Date: 2024-06-11 (Tue, 11 Jun 2024)
Changed paths:
M target/i386/sev.c
Log Message:
-----------
i386/sev: Move SEV_COMMON null check before dereferencing
Fixes Coverity CID 1546886.
Fixes: 9861405a8f ("i386/sev: Invoke launch_updata_data() for SEV class")
Signed-off-by: Pankaj Gupta <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: cd7093a7a168a823d07671348996f049d45e8f67
https://github.com/qemu/qemu/commit/cd7093a7a168a823d07671348996f049d45e8f67
Author: Pankaj Gupta <[email protected]>
Date: 2024-06-11 (Tue, 11 Jun 2024)
Changed paths:
M target/i386/sev.c
Log Message:
-----------
i386/sev: Return when sev_common is null
Fixes Coverity CID 1546885.
Fixes: 16dcf200dc ("i386/sev: Introduce "sev-common" type to encapsulate common SEV state")
Signed-off-by: Pankaj Gupta <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 4228eb8cc6ba44d35cd52b05508a47e780668051
https://github.com/qemu/qemu/commit/4228eb8cc6ba44d35cd52b05508a47e780668051
Author: Paolo Bonzini <[email protected]>
Date: 2024-06-11 (Tue, 11 Jun 2024)
Changed paths:
M target/i386/tcg/decode-new.c.inc
M target/i386/tcg/decode-new.h
M target/i386/tcg/emit.c.inc
Log Message:
-----------
target/i386: remove CPUX86State argument from generator functions
CPUX86State argument would only be used to fetch bytes, but that has to be
done before the generator function is called. So remove it, and all
temptation together with it.
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: cc155f19717ced44d70df3cd5f149a5b9f9a13f1
https://github.com/qemu/qemu/commit/cc155f19717ced44d70df3cd5f149a5b9f9a13f1
Author: Paolo Bonzini <[email protected]>
Date: 2024-06-11 (Tue, 11 Jun 2024)
Changed paths:
M target/i386/cpu.h
M target/i386/tcg/emit.c.inc
Log Message:
-----------
target/i386: rewrite flags writeback for ADCX/ADOX
Avoid using set_cc_op() in preparation for implementing APX; treat
CC_OP_EFLAGS similar to the case where we have the "opposite" cc_op
(CC_OP_ADOX for ADCX and CC_OP_ADCX for ADOX), except the resulting
cc_op is not CC_OP_ADCOX. This is written easily as two "if"s, whose
conditions are both false for CC_OP_EFLAGS, both true for CC_OP_ADCOX,
and one each true for CC_OP_ADCX/ADOX.
The new logic also makes it easy to drop usage of tmp0.
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: e628387cf9a27a4895b00821313635fad4cfab43
https://github.com/qemu/qemu/commit/e628387cf9a27a4895b00821313635fad4cfab43
Author: Paolo Bonzini <[email protected]>
Date: 2024-06-11 (Tue, 11 Jun 2024)
Changed paths:
M target/i386/tcg/decode-new.c.inc
M target/i386/tcg/emit.c.inc
Log Message:
-----------
target/i386: put BLS* input in T1, use generic flag writeback
This makes for easier cpu_cc_* setup, and not using set_cc_op()
should come in handy if QEMU ever implements APX.
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: c2b6b6a65a227d2bb45e1b2694cf064b881543e4
https://github.com/qemu/qemu/commit/c2b6b6a65a227d2bb45e1b2694cf064b881543e4
Author: Paolo Bonzini <[email protected]>
Date: 2024-06-11 (Tue, 11 Jun 2024)
Changed paths:
M target/i386/tcg/decode-new.c.inc
M target/i386/tcg/emit.c.inc
Log Message:
-----------
target/i386: change X86_ENTRYr to use T0
I am not sure why I made it use T1. It is a bit more symmetric with
respect to X86_ENTRYwr (which uses T0 for the "w"ritten operand
and T1 for the "r"ead operand), but it is also less flexible because it
does not let you apply zextT0/sextT0.
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 4e2dc59cf99b5d352b426ee30b8fbb9804e237d1
https://github.com/qemu/qemu/commit/4e2dc59cf99b5d352b426ee30b8fbb9804e237d1
Author: Paolo Bonzini <[email protected]>
Date: 2024-06-11 (Tue, 11 Jun 2024)
Changed paths:
M target/i386/tcg/decode-new.c.inc
M target/i386/tcg/emit.c.inc
Log Message:
-----------
target/i386: change X86_ENTRYwr to use T0, use it for moves
Just like X86_ENTRYr, X86_ENTRYwr is easily changed to use only T0.
In this case, the motivation is to use it for the MOV instruction
family. The case when you need to preserve the input value is the
odd one, as it is used basically only for BLS* instructions.
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: c0df9563a3d1b95b91d3ad7e2519fed0c2952772
https://github.com/qemu/qemu/commit/c0df9563a3d1b95b91d3ad7e2519fed0c2952772
Author: Paolo Bonzini <[email protected]>
Date: 2024-06-11 (Tue, 11 Jun 2024)
Changed paths:
M target/i386/tcg/decode-new.c.inc
M target/i386/tcg/decode-new.h
M target/i386/tcg/emit.c.inc
Log Message:
-----------
target/i386: replace NoSeg special with NoLoadEA
This is a bit more generic, as it can be applied to MPX as well.
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 024538287e4b4838a21cacec3709ed55093807b9
https://github.com/qemu/qemu/commit/024538287e4b4838a21cacec3709ed55093807b9
Author: Paolo Bonzini <[email protected]>
Date: 2024-06-11 (Tue, 11 Jun 2024)
Changed paths:
M target/i386/tcg/decode-new.c.inc
M target/i386/tcg/decode-new.h
Log Message:
-----------
target/i386: fix processing of intercept 0 (read CR0)
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: a1af7fba5a003dd4b12b4b7dfdd869fd1aab80ef
https://github.com/qemu/qemu/commit/a1af7fba5a003dd4b12b4b7dfdd869fd1aab80ef
Author: Paolo Bonzini <[email protected]>
Date: 2024-06-17 (Mon, 17 Jun 2024)
Changed paths:
M target/i386/tcg/decode-new.c.inc
M target/i386/tcg/decode-new.h
M target/i386/tcg/emit.c.inc
M target/i386/tcg/translate.c
Log Message:
-----------
target/i386: convert MOV from/to CR and DR to new decoder
Complete implementation of C and D operand types, then the operations
are just MOVs.
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: e0448caebfdb6849860100cbd1591bc63874e369
https://github.com/qemu/qemu/commit/e0448caebfdb6849860100cbd1591bc63874e369
Author: Paolo Bonzini <[email protected]>
Date: 2024-06-17 (Mon, 17 Jun 2024)
Changed paths:
M target/i386/helper.h
M target/i386/tcg/emit.c.inc
M target/i386/tcg/sysemu/misc_helper.c
Log Message:
-----------
target/i386: replace read_crN helper with read_cr8
All other control registers are stored plainly in CPUX86State.
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 10340080cd501b1aba23c3e502e2e0aa7c825fbf
https://github.com/qemu/qemu/commit/10340080cd501b1aba23c3e502e2e0aa7c825fbf
Author: Paolo Bonzini <[email protected]>
Date: 2024-06-17 (Mon, 17 Jun 2024)
Changed paths:
M target/i386/tcg/decode-new.c.inc
Log Message:
-----------
target/i386: fix bad sorting of entries in the 0F table
Aesthetic change only.
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: ea89aa895e98fd8a1b9ebf7e3dc8bfcd863b9466
https://github.com/qemu/qemu/commit/ea89aa895e98fd8a1b9ebf7e3dc8bfcd863b9466
Author: Paolo Bonzini <[email protected]>
Date: 2024-06-17 (Mon, 17 Jun 2024)
Changed paths:
M target/i386/tcg/decode-new.c.inc
M target/i386/tcg/decode-new.h
M target/i386/tcg/emit.c.inc
M target/i386/tcg/translate.c
Log Message:
-----------
target/i386: finish converting 0F AE to the new decoder
This is already partly implemented due to VLDMXCSR and VSTMXCSR; finish
the job.
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 556c4c5cc44c3454f78d796b6050c6d574a35dd2
https://github.com/qemu/qemu/commit/556c4c5cc44c3454f78d796b6050c6d574a35dd2
Author: Paolo Bonzini <[email protected]>
Date: 2024-06-17 (Mon, 17 Jun 2024)
Changed paths:
M target/i386/tcg/decode-new.c.inc
M target/i386/tcg/decode-new.h
Log Message:
-----------
target/i386: split X86_CHECK_prot into PE and VM86 checks
SYSENTER is allowed in VM86 mode, but not in real mode. Split the check
so that PE and !VM86 are covered by separate bits.
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: ae541c0eb47f2fbcfd975c8e2fcb0e3a2613dc1c
https://github.com/qemu/qemu/commit/ae541c0eb47f2fbcfd975c8e2fcb0e3a2613dc1c
Author: Paolo Bonzini <[email protected]>
Date: 2024-06-17 (Mon, 17 Jun 2024)
Changed paths:
M target/i386/tcg/decode-new.c.inc
M target/i386/tcg/decode-new.h
M target/i386/tcg/emit.c.inc
M target/i386/tcg/seg_helper.c
M target/i386/tcg/translate.c
Log Message:
-----------
target/i386: convert non-grouped, helper-based 2-byte opcodes
These have very simple generators and no need for complex group
decoding. Apart from LAR/LSL which are simplified to use
gen_op_deposit_reg_v and movcond, the code is generally lifted
from translate.c into the generators.
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 87b2037b65d07d43edff1c4e177e9136dff32896
https://github.com/qemu/qemu/commit/87b2037b65d07d43edff1c4e177e9136dff32896
Author: Paolo Bonzini <[email protected]>
Date: 2024-06-17 (Mon, 17 Jun 2024)
Changed paths:
M target/i386/tcg/translate.c
Log Message:
-----------
target/i386: pull load/writeback out of gen_shiftd_rm_T1
Use gen_ld_modrm/gen_st_modrm, moving them and gen_shift_flags to the
caller. This way, gen_shiftd_rm_T1 becomes something that the new
decoder can call.
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: e4e5981daf37146473b30b9219f78796d15320c5
https://github.com/qemu/qemu/commit/e4e5981daf37146473b30b9219f78796d15320c5
Author: Paolo Bonzini <[email protected]>
Date: 2024-06-17 (Mon, 17 Jun 2024)
Changed paths:
M target/i386/tcg/emit.c.inc
Log Message:
-----------
target/i386: adapt gen_shift_count for SHLD/SHRD
SHLD/SHRD can have 3 register operands - s->T0, s->T1 and either
1 or CL - and therefore decode->op[2] is taken by the low part
of the register being shifted. Pass X86_OP_* to gen_shift_count
from its current callers and hardcode cpu_regs[R_ECX] as the
shift count.
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 647690274053a35dbaa2617f01d432d6ba4e76a8
https://github.com/qemu/qemu/commit/647690274053a35dbaa2617f01d432d6ba4e76a8
Author: Paolo Bonzini <[email protected]>
Date: 2024-06-17 (Mon, 17 Jun 2024)
Changed paths:
M target/i386/tcg/decode-new.c.inc
M target/i386/tcg/emit.c.inc
M target/i386/tcg/translate.c
Log Message:
-----------
target/i386: convert SHLD/SHRD to new decoder
Use the same flag generation code as SHL and SHR, but use
the existing gen_shiftd_rm_T1 function to compute the result
as well as CC_SRC.
Decoding-wise, SHLD/SHRD by immediate count as a 4 operand
instruction because s->T0 and s->T1 actually occupy three op
slots. The infrastructure used by opcodes in the 0F 3A table
works fine.
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 11ffaf8c73aae1a70f4640ada14a437a78d06efb
https://github.com/qemu/qemu/commit/11ffaf8c73aae1a70f4640ada14a437a78d06efb
Author: Paolo Bonzini <[email protected]>
Date: 2024-06-17 (Mon, 17 Jun 2024)
Changed paths:
M target/i386/tcg/decode-new.c.inc
M target/i386/tcg/decode-new.h
M target/i386/tcg/emit.c.inc
M target/i386/tcg/translate.c
Log Message:
-----------
target/i386: convert LZCNT/TZCNT/BSF/BSR/POPCNT to new decoder
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 7b1f25ac3a6dd482d2637a3b4fbbfc326dac0bc8
https://github.com/qemu/qemu/commit/7b1f25ac3a6dd482d2637a3b4fbbfc326dac0bc8
Author: Paolo Bonzini <[email protected]>
Date: 2024-06-17 (Mon, 17 Jun 2024)
Changed paths:
M target/i386/tcg/decode-new.c.inc
M target/i386/tcg/emit.c.inc
M target/i386/tcg/translate.c
Log Message:
-----------
target/i386: convert XADD to new decoder
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 0c4da54883336e43af13ad3b3c33dac646cfa9fb
https://github.com/qemu/qemu/commit/0c4da54883336e43af13ad3b3c33dac646cfa9fb
Author: Paolo Bonzini <[email protected]>
Date: 2024-06-17 (Mon, 17 Jun 2024)
Changed paths:
M target/i386/tcg/decode-new.c.inc
M target/i386/tcg/emit.c.inc
M target/i386/tcg/translate.c
Log Message:
-----------
target/i386: convert CMPXCHG to new decoder
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 109238a8d97cd8e85ca614109724a0b1222b21f5
https://github.com/qemu/qemu/commit/109238a8d97cd8e85ca614109724a0b1222b21f5
Author: Paolo Bonzini <[email protected]>
Date: 2024-06-17 (Mon, 17 Jun 2024)
Changed paths:
M target/i386/sev.c
Log Message:
-----------
target/i386: SEV: do not assume machine->cgs is SEV
There can be other confidential computing classes that are not derived
from sev-common. Avoid aborting when encountering them.
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: e65152d5483b2c847ec7a947ed52650152cfdcc0
https://github.com/qemu/qemu/commit/e65152d5483b2c847ec7a947ed52650152cfdcc0
Author: Masato Imai <[email protected]>
Date: 2024-06-17 (Mon, 17 Jun 2024)
Changed paths:
M accel/kvm/kvm-all.c
Log Message:
-----------
migration/dirtyrate: Fix segmentation fault
Since the kvm_dirty_ring_enabled function accesses a null kvm_state
pointer when the KVM acceleration parameter is not specified, running
calc_dirty_rate with the -r or -b option causes a segmentation fault.
Signed-off-by: Masato Imai <[email protected]>
Message-ID: <[email protected]>
[Assert kvm_state when kvm_dirty_ring_enabled was called to fix it. - Hyman]
Signed-off-by: Hyman Huang <[email protected]>
Commit: 85743f54fab535f2bee7bdaeda9754fad8edcacc
https://github.com/qemu/qemu/commit/85743f54fab535f2bee7bdaeda9754fad8edcacc
Author: Richard Henderson <[email protected]>
Date: 2024-06-17 (Mon, 17 Jun 2024)
Changed paths:
M hw/core/machine.c
M hw/scsi/scsi-disk.c
M target/i386/cpu.c
M target/i386/cpu.h
M target/i386/helper.h
M target/i386/sev.c
M target/i386/tcg/decode-new.c.inc
M target/i386/tcg/decode-new.h
M target/i386/tcg/emit.c.inc
M target/i386/tcg/seg_helper.c
M target/i386/tcg/sysemu/misc_helper.c
M target/i386/tcg/translate.c
Log Message:
-----------
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* i386: fix issue with cache topology passthrough
* scsi-disk: migrate emulated requests
* i386/sev: fix Coverity issues
* i386/tcg: more conversions to new decoder
# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmZv6kMUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroOn4Af/evnpsae1fm8may1NQmmezKiks/4X
# cR0GaQ7w75Oas05jKsG7Xnrq3Vn6p5wllf3Wf00p7F1iJX18azY9rQgIsUVUgVem
# /EIZk1eM6+mDxuIG0taPxc5Aw3cfIBWAjUmzsXrSr55e/wyiIxZCeUo2zk8Il+iL
# Z4ceNzY5PZzc2Fl10D3cGs/+ynfiDM53ucwe3ve2T6NrxEVfKQPp5jkIUkBUba6z
# zM5O4Q5KTEZYVth1gbDTB/uUJLUFjQ12kCQfRCNX+bEPDHwARr0UWr/Oxtz0jZSd
# FvXohz7tI+v+ph0xHyE4tEFqryvLCII1td2ohTAYZZXNGkjK6XZildngBw==
# =m4BE
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 17 Jun 2024 12:48:19 AM PDT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "[email protected]"
# gpg: Good signature from "Paolo Bonzini <[email protected]>" [full]
# gpg: aka "Paolo Bonzini <[email protected]>" [full]
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (25 commits)
target/i386: SEV: do not assume machine->cgs is SEV
target/i386: convert CMPXCHG to new decoder
target/i386: convert XADD to new decoder
target/i386: convert LZCNT/TZCNT/BSF/BSR/POPCNT to new decoder
target/i386: convert SHLD/SHRD to new decoder
target/i386: adapt gen_shift_count for SHLD/SHRD
target/i386: pull load/writeback out of gen_shiftd_rm_T1
target/i386: convert non-grouped, helper-based 2-byte opcodes
target/i386: split X86_CHECK_prot into PE and VM86 checks
target/i386: finish converting 0F AE to the new decoder
target/i386: fix bad sorting of entries in the 0F table
target/i386: replace read_crN helper with read_cr8
target/i386: convert MOV from/to CR and DR to new decoder
target/i386: fix processing of intercept 0 (read CR0)
target/i386: replace NoSeg special with NoLoadEA
target/i386: change X86_ENTRYwr to use T0, use it for moves
target/i386: change X86_ENTRYr to use T0
target/i386: put BLS* input in T1, use generic flag writeback
target/i386: rewrite flags writeback for ADCX/ADOX
target/i386: remove CPUX86State argument from generator functions
...
Signed-off-by: Richard Henderson <[email protected]>
Commit: 900536d3e97aed7fdd9cb4dadd3bf7023360e819
https://github.com/qemu/qemu/commit/900536d3e97aed7fdd9cb4dadd3bf7023360e819
Author: Richard Henderson <[email protected]>
Date: 2024-06-17 (Mon, 17 Jun 2024)
Changed paths:
M accel/kvm/kvm-all.c
Log Message:
-----------
Merge tag 'dirtylimit-dirtyrate-pull-request-20240617' of https://github.com/newfriday/qemu into staging
dirtylimit-dirtyrate-pull-request-20240617: Fix a segmentation fault
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEaF0CINwmSCgVLlfC3/Ij1rP+y5wFAmZwVvkACgkQ3/Ij1rP+
# y5xAyQ//T0ABDLvAmtkUWRlRxZvQBDiZdFuWiPv3ntA5GdL04hL9Mlxof0rmMBrM
# VCFLYOzDImy/cf9SawieUIUyKmhY0TN66PEupoJBMm/k+bccOQi/7uuCscau4YjA
# I5f1Ms7GI8tSMyigoPSKmkPO5gvTwptkM3AOtuKs0w/8sFt/FuBWCYi81Xye7eQe
# X5idndqaLbylg0PacoSPARL1xeXUaokpbvpbg3HAIVH1zDNiNSBkVZnysURb/OT1
# wjkY5OtD9s5MCdnqPImkoCn2WXsITtL+5YlGUz3+xUQlG+pHIaJIy4rK+y3v6RgX
# jgvLCLudeVSV//DLYnitp9wrJcpqoINijdvuSSTFyjANN3SsGN9A90TTZSaV5oyg
# TMLBpiGqAWGDnXvRCq3vg3tb8gVhBrpISF0AF+6UvuiyIVIfMJPSvSekEXKfxNs8
# JoqzM1yEjgzr+d6X5+jN0kRm61kcmMP09JOKBHFwx3ZlCuYVr3XeR8YVClMJVqFw
# ZC0WaTSs69ldeU2pHn6d451aMgip+l7ZdDcROCJEGmQxZSc7JXNxcJ9RMRINutTp
# ljw86yTs+tLqrtg6FZ+eSBPJCqHFN6hdn9sXlIgJFV+bIj5dO4M6FeNwWvDo6ZaK
# JwjBlX6FOIwUtGpXaRy+YSECtiEagRsIrFIcrwgYJAL52c59LAc=
# =wVGj
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 17 Jun 2024 08:32:09 AM PDT
# gpg: using RSA key 685D0220DC264828152E57C2DFF223D6B3FECB9C
# gpg: Good signature from "Yong Huang <[email protected]>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 685D 0220 DC26 4828 152E 57C2 DFF2 23D6 B3FE CB9C
* tag 'dirtylimit-dirtyrate-pull-request-20240617' of https://github.com/newfriday/qemu:
migration/dirtyrate: Fix segmentation fault
Signed-off-by: Richard Henderson <[email protected]>
Compare: https://github.com/qemu/qemu/compare/79e6ec66ba10...900536d3e97a